From

Thank you

Sorry

The battle over privacy legislation has begun in earnest in the states and in Congress, in what may be the pivotal year for this issue.

This week, the first major bipartisan bill regarding online privacy was introduced
in Congress. But states which have just begun calling their legislatures
into session are seeing a flurry of privacy-related bills, many of which
could affect financial service companies.

What may be the biggest problem facing some businesses is the potential hodgepodge
of state legislation, with varying rules and standards for protecting privacy.

Dozens of bills are being introduced in response to the Gramm-Leach-Bliley
Act, a sweeping financial deregulation bill that was approved by Congress
two years ago. That legislation didn't preempt the authority of states to adopt
their own financial privacy rules. "The big question is, How does a state
government that has been rooted in geography deal with a medium that knows no
boundaries?" said Emily Hackett, state policy director at The Internet
Alliance, a Washington-based trade group.

Touting Tools, Not Laws

"It is very difficult to deal with a myriad of different types of regulation
on the same issue," said Kirk Herath, chief privacy officer at Nationwide
Insurance Cos. The Columbus, Ohio-based company could ultimately be forced to
model its privacy rules around those states with the toughest privacy bills
to ensure compliance nationally, he said.

But compliance may be expensive. For instance, if a company adopts "opt-in"
policies across the board for all its business units, its systems will have
to be able to easily exchange data, which isn't simple for a firm with a lot
of legacy systems, said Herath. "There are some systems people [who] really
hope that privacy and security will probably "drive a lot of systems infrastructure
investment over the next 10 years," he said.

Some key lawmakers, including the powerful House Energy and Commerce Committee
chairman, Rep. W.J. Billy Tauzin (R-La.), have predicted that online
privacy legislation will be passed, perhaps in as little as eight months.

"We're gearing up and organizing to take on this issue," said Tauzin,
speaking to reporters after a recent forum sponsored by Palo Alto, Calif.-based
high-tech public policy group TechNet and the Arlington, Va.-based National
Venture Capital Association.

But Bob Herbold, Microsoft Corp.'s executive vice president and chief operating
officer, who also spoke at the high-tech forum, urged continued self-regulatory
efforts. He said the industry is deploying tools, such as the Platform for Privacy
Preferences Project, that customers can trust to protect their privacy.

"We think it's better that companies like Microsoft and others in this
industry provide those tools as opposed to dealing with burdensome legislation,"
Herbold said.

53 Bills Introduced in 21 States

State legislatures are just beginning to convene, but 14 bills related to online
identity theft, fraud and children's issues have already been introduced in
Arizona, Massachusetts, New Jersey and Missouri, according to research sponsored
by The Internet Alliance, a Washington-based trade group.

The Alliance said 53 bills dealing with financial privacy have been introduced
in 21 states. And the list is expected to grow.

In Congress, Reps. Chris Cannon (R-Utah) and Anna G. Eshoo (D-Calif.) this
week introduced a privacy bill that would set some baseline data protection
standards for firms doing business online. Their bill is modeled after one introduced
in the Senate last year and is likely to be proposed again in the new congressional
session.

That measure, which is expected to be reintroduced by Sens. John McCain (R-Ariz.)
and John Kerry (D-Mass.), would give Internet users the ability to limit the
use and disclosure of personal information through an "opt-out" mechanism.
It would also require companies to post notices about the kind of data they
collect and how that information is used.

The federal bills, however, are being criticized by privacy advocates for failing
to allow access to information and for relying on an opt-out instead of an opt-in
model.

But Jeff Hartley, a spokesman for Cannon, said the bill will likely be changed.
"We want all sides at the table in this," said Hartley, adding that
all aspects of the proposal are open for discussion.